a83cf42e21e6c84a034aec735bf21fcd14e35e8d733f9fe5c11549e9c46ed250

General

Target

a83cf42e21e6c84a034aec735bf21fcd14e35e8d733f9fe5c11549e9c46ed250
Size

15KB
MD5

6a606df60a3f5e1ef33db6a6579d6555
SHA1

b1fe4da169ae75bf3ffa420a34f8b94e7bb4743f
SHA256

a83cf42e21e6c84a034aec735bf21fcd14e35e8d733f9fe5c11549e9c46ed250
SHA512

999c33f03097f13122590e7f8983fe671a0f7ff6e8056d7e0290647a6bb60de70ac9c5392790cc6a2cf490f9a2c454ed9c1b9ed018617e5bf768d30c21c029b7
SSDEEP

192:D47r3+tur0nRvMoeyPkUtSvQV12fNFtAxUuQe2IQ4kLntlq3Kd:D47j6sGvnVYf1KQlq3Kd

Score

N/A

Malware Config

Signatures

Files

a83cf42e21e6c84a034aec735bf21fcd14e35e8d733f9fe5c11549e9c46ed250
.exe windows x86

e8704d6182f9efa68cc6e906e6443473

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoFreeMdl
MmUnlockPages
DbgPrint
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
_stricmp
strrchr
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwQuerySystemInformation
ObfDereferenceObject
IoDriverObjectType
MmGetSystemRoutineAddress
RtlFreeUnicodeString
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeSetEvent
ZwReadFile
ZwQueryInformationFile
KeWaitForSingleObject
KeGetCurrentThread
MmProbeAndLockPages
IoAllocateMdl
IoAllocateIrp
KeInitializeEvent
IoGetCurrentProcess
ObReferenceObjectByHandle
IoFileObjectType
_allmul
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
ZwClose
IoFreeIrp

hal

KeStallExecutionProcessor

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 813B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mcata
Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8704d6182f9efa68cc6e906e6443473

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 896B - Virtual size: 813B

.data Size: 4KB - Virtual size: 4KB

mcata Size: 640B - Virtual size: 520B

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 640B - Virtual size: 520B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 896B - Virtual size: 813B

.data
Size: 4KB - Virtual size: 4KB

mcata
Size: 640B - Virtual size: 520B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 640B - Virtual size: 520B